After a recent spike in FormBook infections, security researchers discovered a new file-hosting service that seems to be a place for hackers to host their malware. The resurgence in FormBook malware, used as part of password and information stealing campaigns, and currently targeting the retail and hospitality sectors, can be traced back to DropMyBin.
DropMyBin is a new malware-friendly site created about a week ago and protected by Cloudflare which masks its real-world location. The site hosts the second-stage dropper used to infect a computer after a user opens a malicious document. Researchers are describing it as the “hornets nest of malware” since it is being advertised and promoted as “high quality” and offering “direct downloads”, making it ideal for linking to malware. The functionality is said to be inviting hackers to use the service to host malware with “no questions asked”.